flow-diff
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command (`ls`) to locate snapshot directories using a user-provided flow name. This is a functional requirement for the skill's operation but represents a potential command execution surface if the input is not sanitized.
- [DATA_EXFILTRATION]: The skill reads `results.json` and screenshot files from the local `.flowchad/snapshots/` directory. This access is restricted to the project environment and is used solely for generating regression reports, posing no risk of unauthorized data transmission.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes outputs from automated web walks.
  1. Ingestion points: `results.json` and screenshot files in `SKILL.md`.
  2. Boundary markers: Absent.
  3. Capability inventory: Directory listing and local file reading.
  4. Sanitization: No data validation or sanitization of external content is specified.

  The risk is evaluated as low given the data originates from the user's own test snapshots.
Audit Metadata